New macOS Malware Breaks Apple Security to take Photos

New spyware has been discovered that can bypass built-in macOS security and privacy feature called Transparency Consent and Control. This is the feature that alerts the user when an app tries to do something that may impact the users’ privacy–such as recording keystrokes or taking a photo–asking for user permission before the action can take place. This malware is able to hijack other apps’ permissions to be used as its own authorization.

As an example, the malware could hook into Zoom, which had previously been granted permission to perform screen recording, to then allow the malware to record the users’ screen, and then send the recording to the malware developer.

What You Can Do About This Issue

This vulnerability has been fixed in macOS 11.4.

  1. On your Mac, open Apple menu > About This Mac.
  2. If your macOS version is 11.4, you are safe from this vulnerability and can stop here. If your macOS version is NOT 11.4, continue…
  3. On your Mac, open Apple menu > System Preferences > Software Update.
  4. Tap the Update Now button.
  5. Follow the onscreen instructions to download and install macOS 11.4.